Security

Your data is ours to protect.

Sendlyst is built on the same security primitives as the world's most compliance-heavy SaaS companies.

Certifications

  • SOC 2 Type II — audited annually by an independent third party
  • GDPR + UK GDPR compliant with EU data residency on request
  • CAN-SPAM + CASL compliant with built-in unsubscribe enforcement
  • ISO 27001 — in progress (audit Q4 2026)

Infrastructure

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Hosted on enterprise cloud with redundant regions
  • Daily encrypted backups with 30-day retention
  • Zero-trust network with hardware-key admin access

Application security

  • OAuth-first inbox connection (no plain-text passwords stored)
  • Per-user row-level security on every table
  • Quarterly third-party penetration tests
  • Bug bounty program (responsible disclosure honored)

Reports & docs

SOC 2 report, DPA, sub-processor list, and pen-test summaries available under NDA. Email security@sendlyst.com.